
Correct way to Logout after finished using API

leeswit
Correct way to Logout after finished using API

Evening,

I've been having some pretty good luck getting some API scripts working, I can now login and then retrieve user information (such as access rights). What I can't do though is figure out the correct format to logout:

Here's my test code as it stands at the moment:

    sub userLogout {
        my $url = _buildURL('rest/login');
        my $request;
        my $response;
        my $browser;

        $requestbody = _jsonencode(
            'username' => $username,
            'token' => $loginToken
        );

        $request = HTTP::Request->new('DELETE',$url);
        $request->header ('Content-Type' => 'application/json');
        $request->header ('Accept' => 'application/json');
        $request->header ('X-Opsview-Username' => $username);
        $request->header ('X-Opsview-Token' => $loginToken);

        $browser = LWP::UserAgent->new;
        $response = $browser->request($request);

        print Dumper($response) . "\n";
    }

When run, the Dumper output shows:

    $VAR1 = bless( {
                     '_protocol' => 'HTTP/1.1',
                     '_content' => 'Content-Type application/json had a problem with your request. ***ERROR*** hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at (eval 1932) line 151. ',
                     '_rc' => '400',

Any ideas where I'm going wrong?

If I try another method such as PUT, I get a message saying the method is not supported, so I must be hitting something on the server. The Wiki says that DELETE is the correct method for a logout: http://docs.opsview.com/doku.php?id=opsview-core:restapi#logging_in_to_the_api

Thanks in advance
leeswit
Re: Correct way to Logout after finished using API

Any thoughts anyone?

leeswit
Re: Correct way to Logout after finished using API
I've had a go at testing this outside of the script using curl and I'm seeing similar results:

Successful Login

    $ curl -d '{"username":"admin","password":"initial"}' -H "Content-Type: application/json" -H "Accept: application/json" http://127.0.0.1/rest/login
    {"token":"a4f2d168001aa3f8bcb928c98b24638a2f2e43f6"}

Successfully Retrieved User Details

    $ curl -v -H "Content-Type: application/json" -H "Accept: application/json" -X GET -H "X-Opsview-Username: admin" -H "X-Opsview-Token: a4f2d168001aa3f8bcb928c98b24638a2f2e43f6" -d '{}' http://127.0.0.1/rest/user
    {"language":"","access_list":{"CONFIGUREVIEW":"1","REPORTUSER":"1","NOTIFYSOME":"1","REPORTADMIN":"1","RRDGRAPHS":"1","PASSWORDSAVE":"1","TESTALL":"1","CONFIGUREHOSTS":"1","CONFIGUREKEYWORDS":"1","CONFIGURESAVE":"1","DOWNTIMEALL":"1","ADMINACCESS":"1","CONFIGUREPROFILES":"1","TESTCHANGE":"1","VIEWALL":"1","RELOADACCESS":"1","ACTIONALL":"1"},"realm":"local","fullname":"Administrator","name":"admin","role":"Administrator"}

Successfully Received Hostgroup Information

    $ curl -v -H "Content-Type: application/json" -H "Accept: application/json" -X GET -H "X-Opsview-Username: admin" -H "X-Opsview-Token: a4f2d168001aa3f8bcb928c98b24638a2f2e43f6" -d '{}' http://127.0.0.1/rest/status/hostgroup;
    {"summary":{"handled":"50","unhandled":"2","totalhgs":"2","total":"52","service":{"ok":"48","handled":"48","unhandled":"2","warning":"2","total":"50"},"host":{"handled":"2","unhandled":"0","up":"2","total":"2"}},"list":[{"hosts":{"handled":"1","unhandled":"0","up":{"handled":"1"},"total":"1"},"hostgroupid":"2","computed_state":"warning","matpath":[{"name":"Opsview","id":"1"}],"services":{"ok":{"handled":"24"},"handled":"24","computed_state":"warning","unhandled":"1","warning":{"unhandled":"1"},"total":"25"},"name":"Monitoring Servers","downtime":null,"leaf":"1"},{"hosts":{"handled":"1","unhandled":"0","up":{"handled":"1"},"total":"1"},"hostgroupid":"1","computed_state":"warning","matpath":[],"services":{"ok":{"handled":"24"},"handled":"24","computed_state":"warning","unhandled":"1","warning":{"unhandled":"1"},"total":"25"},"name":"Opsview","downtime":null,"leaf":"0"}]}

When trying to logout however, I get the same error as in my script

    $ curl -v -H "Content-Type: application/json" -H "Accept: application/json" -X DELETE -H "X-Opsview-Username: admin" -H "X-Opsview-Token: cd188b8daebdedd84009b966bdee60c6432097e6" -d '{}' http://127.0.0.1/rest/login
    < HTTP/1.1 400 Bad Request
    < Date: Tue, 08 Oct 2013 20:05:29 GMT
    < Vary: Content-Type,Accept-Encoding
    < Content-Length: 197
    < Content-Type: text/plain
    < Set-Cookie: opsview_web_session=d2271a7acae6845569a17667af3f88695dc1acde; path=/; expires=Tue, 08-Oct-2013 21:05:29 GMT; HttpOnly
    < Via: 1.1 127.0.1.1
    < Connection: close
    Content-Type application/json had a problem with your request. ***ERROR*** hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at (eval 1932) line 151, <$fh> line 1.

However when running it a second time, I get the following:

    < HTTP/1.1 401 Unauthorized
    < Date: Tue, 08 Oct 2013 20:05:58 GMT
    < Vary: Content-Type
    < Content-Length: 27
    < Content-Type: application/json
    < Via: 1.1 127.0.1.1
    <
    * Connection #0 to host 127.0.0.1 left intact
    * Closing connection #0
    {"message":"Token invalid"}

The 'Token invalid' message seems to indicate to me that the session has been successfully deleted but the REST API script isn't handling the response correctly. In truth the returned data doesn't even matter; a response of something like 200 to indicate the session had been correctly deleted would be enough.

Anyone got any ideas what's going wrong?
leeswit
Re: Correct way to Logout after finished using API

I've also just found where the sessions are stored:

    mysql> select accessed_at, token, FROM_UNIXTIME(expires_at) as "Expires" , FROM_UNIXTIME(accessed_at) as "Last Access", username, ip, one_time_token from api_sessions order by accessed_at;
    +-------------+------------------------------------------+---------------------+---------------------+----------+--------------+----------------+
    | accessed_at | token                                    | Expires             | Last Access         | username | ip           | one_time_token |
    +-------------+------------------------------------------+---------------------+---------------------+----------+--------------+----------------+
    |  1349818174 | x                                        | 2012-10-09 22:29:34 | 2012-10-09 21:29:34 | admin    | 127.0.0.1    |              0 |
    |  1349818306 | x                                        | 2012-10-09 22:31:46 | 2012-10-09 21:31:46 | admin    | 127.0.0.1    |              0 |
    |  1349818314 | x                                        | 2012-10-09 22:31:54 | 2012-10-09 21:31:54 | admin    | 127.0.0.1    |              0 |
    |  1349818372 | x                                        | 2012-10-09 22:32:52 | 2012-10-09 21:32:52 | admin    | 127.0.0.1    |              0 |
    |  1349818391 | x                                        | 2012-10-09 22:33:11 | 2012-10-09 21:33:11 | admin    | 127.0.0.1    |              0 |
    |  1349818409 | x                                        | 2012-10-09 22:33:29 | 2012-10-09 21:33:29 | admin    | 127.0.0.1    |              0 |

This test server isn't running all the time but it appears as though OPSView doesn't clear up old sessions either.

I just tried viewing information with the 2012 session and whilst it didn't authorise it did report 'Session Expired'.

If the server was left running is there a task that runs to clear this table up or is it something we should be keeping an eye on, manually clearing old sessions ourselves?

Watching this table did confirm that even though the reply on the DELETE method did produce an error, the session is correctly deleted from the database table.
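
Added example, not part of the thread and not Opsview code: a logout helper that decides whether the session was revoked by replaying the token against `/rest/user` and expecting 401, rather than trusting the status of the DELETE, which the posts above show can be 400 even though the session row is gone. The endpoints, headers and status codes come from the posts; the in-process stub server, the `SESSIONS` set and the token value are constructed so the block runs offline.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = set()  # constructed stand-in for the api_sessions table
DENIED = '{"message":"Token invalid"}'

class Stub(BaseHTTPRequestHandler):
    """Constructed stub: DELETE removes the session yet answers 400, as in the thread."""
    def _send(self, code, body):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def _known(self):
        return self.headers.get("X-Opsview-Token") in SESSIONS
    def do_GET(self):
        ok = self._known()
        self._send(200 if ok else 401, '{"name":"admin"}' if ok else DENIED)
    def do_DELETE(self):
        if not self._known():
            return self._send(401, DENIED)
        SESSIONS.discard(self.headers["X-Opsview-Token"])
        self._send(400, "hash- or arrayref expected")  # error reply, session already gone

OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env
def call(method, url, user, token):
    """Send one authenticated request and return only the HTTP status code."""
    headers = {"X-Opsview-Username": user, "X-Opsview-Token": token}
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def logout_and_verify(base, user, token):
    """Return (DELETE status, revoked); revoked is decided by replaying the token."""
    delete_status = call("DELETE", base + "/rest/login", user, token)
    return delete_status, call("GET", base + "/rest/user", user, token) == 401

def demo(token="constructed-token"):
    SESSIONS.add(token)  # pretend a login just issued this token
    srv = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return logout_and_verify(f"http://127.0.0.1:{srv.server_port}", "admin", token)
    finally:
        srv.shutdown()
```

Against a real server, call `logout_and_verify` with its base URL and treat anything other than `revoked == True` as a token that may still be live.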